If online is your preferred payment method, you can use a virtual code instead of exposing your actual card details.
If online is your preferred payment method, you can use a virtual code instead of exposing your card details to protect against data theft and financial fraud from Saturday, as RBI standards on the tokenization of cards come into effect.
Card-on-file Tokenization (CoFT) is a process by which actual details such as 16-digit number, expiration date of a credit or debit card are replaced with a virtual code which is unique for that card, merchant point where it is to be used and the requester of the token (or card user).
In accordance with RBI guidelines, payment aggregators, wallets and e-merchants (card transaction/payment chain entities other than card issuers/card networks) may not store any sensitive customer information related to the card, including full card details from 1 October 2022.
The guidelines were actually due to come into effect from July 1 this year. However, RBI allowed another three months for the standards to go into effect, as not all players involved were ready for the new system at that time.
For the benefit of cardholders, it is important to note that tokenization is intended for online/e-commerce transactions only, as this is where their data is typically stored. For face-to-face or point-of-sale (PoS) transactions, tokenization is not applicable as it does not involve any data storage.
Although it is not mandatory for cardholders to tokenize their cards, it is considered a more secure mode of transaction as the actual card details are not shared/stored with merchants.
SBI Card, the only pure credit card issuer in India promoted by the country’s largest lender, has already incorporated the required changes.
“We are ready to launch it within the given timeframe at RBI,” said Rama Mohan Rao Amara, CEO of SBI Card.
He said Card-on-File Tokenization (CoFT) is a positive and progressive move by the regulator to improve customer security. The majority of ecosystem partners, including merchants, are ready to meet the deadline.
“Such changes may have minor issues initially, but once these are passed, the overall impact on customer security and overall user experience is better. The success rate of tokenized transactions is higher and should improve. As a compliant and customer-focused organization, we have already incorporated the required changes,” said Amara.
Ahead of the tokenization standard taking effect from Saturday, RBI Deputy Governor T Rabi Sankar told reporters on Friday that up to 35 crore cards had been tokenized and the system was ready. for the new standards.
According to official data, the total number of debit and credit cards in the system stands at over 101 crores at the end of August.
Card tokenization also makes transactions quick and easy as it eliminates the need to enter card details each time a transaction is made on the merchant site.
If you don’t tokenize your card, you will end up manually filling in all the card details every time you make a transaction.
The tokens being unique, a multiple bearer can generate as many tokens as he wishes.
One can generate a token through an online merchant instructed registration process involving filling in card details followed by verification via OTP. A token will then be generated which can be saved by the online merchant.
Sanjeev Moghe, President and Head of Cards and Payments, Axis Bank, said that with tokenization, the customer will have to perform a one-time tokenization and the subsequent transaction will be as easy as current transactions.
He said Axis Bank fully complies with the new guidelines.
“We have communicated this to our customers via SMS and emails and have also created detailed FAQs for customers to know more. All of our service touchpoints are fully equipped to handle customer queries on tokenization.
“This RBI decision will improve the card security framework for digital transactions,” Moghe said.
In the event of a data breach or hacking attempt on the merchant’s side, the customer’s card details will be protected, the official added.
PayU, which provides payment gateway solutions to online businesses, said it has successfully tokenized over 50 million cards (5 crore).
The company said it can tokenize 90% of all domestic transactions as it is live with India’s largest payment networks – Visa, Mastercard and RuPay.
“We have already onboarded some of the largest merchants in the country, and as the deadline approaches, we look forward to helping more businesses and their customers with a smooth transition,” said Manas Mishra, Chief Information Officer. products, PayU.